1. Field of the Invention
The present invention relates to storage and delivery of digital data objects such as software. More particularly, the invention concerns a web-accessible digital data storage and delivery system that initially authenticates users seeking access to objects contained in a library, and further automatically generates temporary file transfer protocol (FTP) access codes to streamline users' access to desired objects via an FTP server. One aspect of the invention is a web-based application that allows users to locate and then download digital files such as software to which they are entitled or otherwise authorized.
2. Description of the Related Art
An electronic software delivery and management service (ESDM) must be able to manage access to a large repository of digital files from a wide range of users by restricting users to only download files to which they are entitled. FTP is the most common method of downloading large digital files across the Internet.
There are two basic modes for accessing FTP servers. The first is via a well known-user who has a unique user ID with a password. The second is via an anonymous user. In the well-known user mode, the user must be configured as a user in the underlying operating system. This mode is problematic in that it requires human intervention to manage those user accounts (including user setup, expiration, and removal) on the FTP server. In systems with millions of end users, the level of required human intervention could be astronomical in time and cost. The anonymous mode is problematic in that the user is not known and, therefore, cannot be restricted to the appropriate set of files that are relevant to that user.
A typical solution to the problem is to use the anonymous FTP mode and to place files in obscure and/or temporary locations on the FTP server that cannot be found via navigation through the file system directory hierarchy. This solution is inadequate on several fronts. First, because the user access mode is anonymous, files that the actual user should not be allowed to access are technically still available for download. A file's storage location is all the user would need to download the file. Second, the anonymous user ID cannot be expired. As a result, a devious user would have an unlimited amount of time to look for unauthorized files. It has been reported that some sites use temporary but anonymous accounts. In this method, the user is not known and all users in a given period have access to the same files, but users only have access for a limited time. Such systems still suffer from the first problem, namely, that files are still available to users that are not authorized to access such files.